Hi Ilya,

That's my bad - they were the initial names of options, which I renamed later 
and missed this place before sending a patch.
I’m absolutely fine with proposed change. Please fold it while applying the 
patch.

Thanks.

regards,
Vladislav Odintsov

> On 15 Feb 2023, at 22:25, Ilya Maximets <i.maxim...@ovn.org> wrote:
> 
> On 2/10/23 17:02, Vladislav Odintsov wrote:
>> This patch adds new ovs-ctl options to pass umask configuration to allow
>> OVS daemons set requested socket permissions on group.  Previous
>> behaviour (if using with systemd service unit) created sockets with 0750
>> permissions mask (group has no write permission).
>> 
>> Write permission for group is reasonable in usecase, where ovs-vswitchd
>> or ovsdb-server runs as a non-privileged user:group (say,
>> openvswitch:openvswitch) and it is needed to access unix socket from
>> process running as another non-privileged user.  In this case
>> administrator has to add that user to openvswitch group and can connect
>> to OVS sockets from a process running under that user.
>> 
>> Two new ovs-ctl options --ovsdb-server-umask and --ovs-vswitchd-umask
>> were added to manage umask values for appropriate daemons.  This is
>> useful for systemd users: both ovs-vswitchd and ovsdb-server systemd
>> units read options from single /etc/sysconfig/openvswitch configuration
>> file.  So, with separate options it is possible to set umask only for
>> specific daemon.
>> 
>> OPTIONS="--ovsdb-server-umask=0002"
>> 
>> in /etc/openvswitch/sysconfig file will set umask to 0002 value before
>> starting only ovsdb-server, while
>> 
>> OPTIONS="--ovs-vswitchd-umask=0002"
>> 
>> will set umask to ovs-vswitchd daemon.
>> 
>> Previous behaviour (not setting umask) is left as default.
>> 
>> Reported-at: 
>> https://mail.openvswitch.org/pipermail/ovs-dev/2023-January/401501.html
>> Signed-off-by: Vladislav Odintsov <odiv...@gmail.com>
>> 
>> ---
>> v2 -> v3:
>>  - addressed Eelco's review comments.
>> 
>> v1 -> v2:
>>  - added item in NEWS file as Ilya's suggestion;
>>  - addressed Eelco's review comments;
>>  - moved umask call from ovs-ctl to ovs-lib;
>>  - added restoration of umask to effective value before the umask change;
>>  - previous version --ovs-umask option was split into two:
>>    --ovs-vswitchd-umask and --ovsdb-server-umask in order to make
>>    possible umask configuration for specific daemon when running with
>>    systemd.
>> ---
>> NEWS                 |  7 +++++++
>> utilities/ovs-ctl.in | 16 ++++++++++++----
>> utilities/ovs-lib.in | 17 ++++++++++++++---
>> 3 files changed, 33 insertions(+), 7 deletions(-)
>> 
>> diff --git a/NEWS b/NEWS
>> index fe6055a27..f7df598bd 100644
>> --- a/NEWS
>> +++ b/NEWS
>> @@ -4,6 +4,13 @@ Post-v3.1.0
>>      * OVS now collects per-interface upcall statistics that can be obtained
>>        via 'ovs-appctl dpctl/show -s' or the interface's statistics column
>>        in OVSDB.  Available with upstream kernel 6.2+.
>> +   - ovs-ctl:
>> +     * Added support to set umask value when starting OVS daemons.  New 
>> options
>> +       --ovsdb-server-umask=MODE and --ovs-vswitchd-umask=MODE were added 
>> for
>> +       that.  For instance, when write access on befalf of OVS group is 
>> needed
>> +       for ovsdb-server, pass --ovsdb-umask=0002.  Use --vswitchd-umask to 
>> set
>> +       umask ovs-vswitchd daemon umask.  This will allow ovsdb-server or
>> +       ovs-vswitchd to create sockets with access mode of 0770.
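Review bot: the example in this NEWS hunk (the "pass --ovsdb-umask=0002" and "Use --vswitchd-umask to set" lines) names options that the entry does not introduce; the two lines just above it add --ovsdb-server-umask=MODE and --ovs-vswitchd-umask=MODE, and the commit message uses those same names, so the example should read "pass --ovsdb-server-umask=0002" and "Use --ovs-vswitchd-umask to set the ovs-vswitchd daemon umask". While touching it, fix "befalf" to "behalf" and drop the doubled "umask" in "set umask ovs-vswitchd daemon umask"; one short sentence per option is enough for a NEWS item.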
> 
> The options in the example are incorrect.
> Also, the text seems slightly too extensive.
> 
> What do you think about this:
> 
>   - ovs-ctl:
>     * Added new options --[ovsdb-server|ovs-vswitchd]-umask=MODE to set umask
>       value when starting OVS daemons.  E.g., use --ovsdb-server-umask=0002
>       in order to create OVSDB sockets with access mode of 0770.
> 
> ?
> 
> I could fold this in while applying the change.
> 
> Best regards, Ilya Maximets.
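The thread above turns on one mechanism: the umask in effect when a daemon calls bind() decides which permission bits its Unix domain socket file gets, and a peer needs write permission on that file to connect. The following is an added example, not OVS code and not part of this thread. It assumes Linux bind() semantics (the socket file is created as 0777 & ~umask) and uses a constructed path in a temporary directory in place of the real ovsdb-server socket; the bits an OVS daemon actually ends up with also depend on the mode it requests for its own sockets, which this example does not model.

```python
"""Added example (not OVS code): show how the calling process's umask
decides the permission bits of a Unix domain socket at bind() time,
which is the mechanism the --ovsdb-server-umask / --ovs-vswitchd-umask
ovs-ctl options rely on."""
import os
import socket
import stat
import tempfile


def socket_mode_under_umask(umask_value: int) -> int:
    """Bind a throwaway AF_UNIX socket with the given umask in effect and
    return the permission bits (low 9 bits) the kernel gave the socket file.

    Assumption: Linux creates the socket inode as 0777 & ~umask. A daemon
    may chmod the path afterwards; this example deliberately does not."""
    old_umask = os.umask(umask_value)  # set the umask and remember the caller's
    try:
        with tempfile.TemporaryDirectory() as tmpdir:
            # Constructed path standing in for an OVS control socket.
            path = os.path.join(tmpdir, "db.sock")
            with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as srv:
                srv.bind(path)
                mode = stat.S_IMODE(os.stat(path).st_mode)
            os.unlink(path)
            return mode
    finally:
        # Restore the previous umask, as ovs-lib restores the effective value.
        os.umask(old_umask)


def group_can_connect(mode: int) -> bool:
    """connect(2) on a pathname socket needs write permission on the socket
    file, so a process in the socket's group needs the group-write bit."""
    return bool(mode & stat.S_IWGRP)


if __name__ == "__main__":
    # 0027 reproduces the "group has no write permission" case from the
    # commit message; 0002 and 0007 keep group write.
    for um in (0o027, 0o002, 0o007):
        m = socket_mode_under_umask(um)
        print(f"umask {um:04o} -> socket mode {m:04o}, "
              f"group may connect: {group_can_connect(m)}")
```

Run it as a non-root user: umask 0027 yields a socket with mode 0750 (group cannot connect), while 0002 and 0007 leave the group-write bit set. In a deployment this is the difference between a process that is merely a member of the openvswitch group being refused at connect() and it being able to reach the daemon's socket.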
_______________________________________________
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev